App developers face potential fines over lack of privacy policies

In a sign of the growing scrutiny on mobile privacy issues, California attorney general Kamala Harris sent letters this week to dozens of application developers, giving them 30 days to conspicuously post a privacy policy or potentially face a fine of $2,500 per download.

The letters are the first step in taking legal action to enforce the California Online Privacy Protection Act which requires online service providers to post a privacy policy where it can be easily seen by users. The letters are being sent to up to 100 apps the attorney general claims are non-compliant.

“This news shouldn’t be a surprise for app developers,” said Jules Polonetsky, director and co-chair of the Future of Privacy Forum, Washington. “The California attorney general has been very clear that the state law requiring privacy policies applies to app developers and not just Web sites.

“Clearly their goal isn’t to run around fining people, but rather to get these folks into compliance with the law,” he said.

Privacy made easyIf some app developers do not begin putting more of a focus on privacy, they could end up paying dearly. For example, companies can face fines of up to $2,500 each time a non-compliant app is downloaded under the California Online Privacy Protection Act.

The mobile apps sector — which is quickly growing — has had little regulation so far. However, it faces growing scrutiny from legislators and privacy advocates who are concerned after a series of revelations indicated that some apps are uploading user contact names and otherwise accessing user information, often without permission.

App developers have complained in the past that it was not easy to place privacy policies in their apps because of some of the restrictions and guidelines in place from app stores such as the Apple App Store and Google Play.

IOS 6 includes a privacy tab for developers

However, the situation is being addressed.

In the latest version of iOS from Apple, there is a special tab that app developers can use in their apps specifically for their privacy policies.

Additionally, California’s attorney general put together an agreement with seven leading mobile app platforms – including Amazon, Apple, Facebook and Google. The companies agreed to allow consumers to review an app’s privacy policy before the download the app instead of after.

Putting privacy on radar In general, app developers have been moving in the direction of putting privacy policies in place.

However, the moves by California’s attorney general suggest that there are still some high-profile companies that still have not taken steps to include a mobile app privacy policy.

Reports suggest United and Delta airlines are among the high-profile companies that do not have app privacy policies in place.

A study conducted by the Future of Privacy Forum found that 61 percent of apps have privacy policies. For Android and iOS apps, the number jumps up to 80 percent.

“It is clear that some very prominent apps continue to not have policies that are conspicuous,” Mr. Polonetsky said.

“Even some of the major companies, who have privacy policies and lawyers, haven’t paid attention to what they uniquely need to do when they post an app,” he said.

“The mistake they make is to simply point to their Web site policy. “When even the big actors haven’t focused on this, it needs some escalation to get on their radar.”

No excuses It is not enough for a company to point mobile app users to its Web site privacy policy since many of the issues in mobile are different.

For example, while a Web site privacy policy should focus on cookies and how to disable them, mobile app developers are most likely not using cookies to track users but instead a unique identifier associated with their device.

Additionally, mobile apps may be accessing a user’s location, contacts and other information they should be aware is being accessed.

“As people update apps for iOS 6, they can now provide an easy link to their policy,” Mr. Polonetsky said. “There is really no excuse anymore.”

Final TakeChantal Tode is associate editor on Mobile Marketer, New York